Thomas Perale
1a25f0c372
For more details on the version bump, see: - https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.5 Fixes the following vulnerabilities: - CVE-2025-54764 Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd. For more information, see: - https://nvd.nist.gov/vuln/detail/CVE-2025-54764 - https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/ - CVE-2025-59438 Mbed TLS through 3.6.4 has an Observable Timing Discrepancy. For more information, see: - https://nvd.nist.gov/vuln/detail/CVE-2025-59438 - https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/ Signed-off-by: Thomas Perale <thomas.perale@mind.be> Signed-off-by: Julien Olivain <ju.o@free.fr>